cyber threat intelligencehttp://blogs.forrester.com/taxonomy/term/11466/all
enThe State Of The Cyberthreat Intelligence Markethttp://blogs.forrester.com/rick_holland/15-06-23-the_state_of_the_cyberthreat_intelligence_market
<p>If the RSA Conference was any indicator, threat intelligence has finally joined the ranks of cloud and advanced persistent threat as ambiguous/overused terms that mean many different things to many different people. If you were given a dollar, pound or euro every time you heard &quot;threat intelligence,&quot; there is no doubt you could fund your security budget for decades to come. Your biggest challenge would be determining how to invest some of that money into threat intelligence capabilities.</p>
<p>To help Forrester clients navigate the threat intelligence market I have several pieces of research underway. The first report, &quot;<a href="https://www.forrester.com/The+State+Of+The+Cyberthreat+Intelligence+Market/fulltext/-/E-RES123011">The State Of The Cyberthreat Intelligence Market</a>&quot; has just published. In it I discuss the frenzied venture capital and vendor investment in the threat intelligence space. I also provide guidance on how security and risk professionals should navigate the marketing hype to make the best investment of their limited resources. I am currently writing the second report &quot;Market Overview: Threat Intelligence Providers.&quot; Here is a snippet from the <a href="https://www.forrester.com/The+State+Of+The+Cyberthreat+Intelligence+Market/fulltext/-/E-RES123011">latest research</a> that illustrates just how much vendor focus we have seen. Since October of 2014:</p>
<p>\</p><a href="http://blogs.forrester.com/rick_holland/15-06-23-the_state_of_the_cyberthreat_intelligence_market" title="Read the rest of &#039;The State Of The Cyberthreat Intelligence Market&#039;." class="node_read_more">Read more</a><div class="categories"><h3>Categories:</h3><ul class="links"><li class="taxonomy_term_12046 first"><a href="/category/cyber_security" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cyber security</a></li>
<li class="taxonomy_term_11466"><a href="/category/cyber_threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cyber threat intelligence</a></li>
<li class="taxonomy_term_10783 last"><a href="/category/threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">threat intelligence</a></li>
</ul></div>http://blogs.forrester.com/rick_holland/15-06-23-the_state_of_the_cyberthreat_intelligence_market#commentsSecurity and Riskcyber securitycyber threat intelligencethreat intelligenceWed, 24 Jun 2015 02:47:50 +0000Rick Holland11728 at http://blogs.forrester.comNew Research: Know Your Adversaryhttp://blogs.forrester.com/rick_holland/14-11-03-new_research_know_your_adversary
<div id="cke_pastebin"><span word="Mandiant's" data-scaytid="1">Mandiant&#39;s</span> <a href="http://intelreport.mandiant.com/"><span word="APT1" data-scaytid="2">APT1</span></a> report changed the threat intelligence marketing game, and you would be hard pressed to find a cybersecurity company that doesn&#39;t have a research/intelligence team that produces threat actor reports. The previous few weeks have seen a significant amount of threat intelligence marketing around threat actor groups. <span word="FireEye" data-scaytid="3">FireEye</span> released &quot;<a href="http://www.fireeye.com/blog/technical/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html"><span word="APT28" data-scaytid="4">APT28</span>: A Window into Russia's Cyber Espionage Operations?</a>&quot; The analytics firm <span word="Novetta" data-scaytid="5">Novetta</span> released &quot;<a href="http://www.novetta.com/commercial/news/press-releases/pr-031814-2-22-2-2/">Operation <span word="SMN" data-scaytid="6">SMN</span>: Axiom Threat Actor Group Report</a>.&quot; </div>
<div> </div>
<div>We have even seen law enforcement documents on threat actors. In August, Mr. Su Bin, a Chinese national, was <a href="http://www.fbi.gov/losangeles/press-releases/2014/los-angeles-grand-jury-indicts-chinese-national-in-computer-hacking-scheme-allegedly-involving-theft-of-trade-secrets">indicted</a> for the theft of Boeing's trade secrets. The <a href="http://online.wsj.com/public/resources/documents/chinahackcomplaint0711.pdf">criminal complaint </a>regarding Su Bin's activities became public in June and offers a fascinating perspective into espionage as a service. </div>
<div> </div><a href="http://blogs.forrester.com/rick_holland/14-11-03-new_research_know_your_adversary" title="Read the rest of &#039;New Research: Know Your Adversary&#039;." class="node_read_more">Read more</a><div class="categories"><h3>Categories:</h3><ul class="links"><li class="taxonomy_term_329 first"><a href="/category/incident_response" rel="tag" alt="See other content with this tag." title="See other content with this tag.">Incident Response</a></li>
<li class="taxonomy_term_11645"><a href="/category/advanced_persistent_threat" rel="tag" alt="See other content with this tag." title="See other content with this tag.">advanced persistent threat</a></li>
<li class="taxonomy_term_11466"><a href="/category/cyber_threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cyber threat intelligence</a></li>
<li class="taxonomy_term_10783 last"><a href="/category/threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">threat intelligence</a></li>
</ul></div>http://blogs.forrester.com/rick_holland/14-11-03-new_research_know_your_adversary#commentsIncident ResponseSecurity and Riskadvanced persistent threatcyber threat intelligencethreat intelligenceMon, 03 Nov 2014 22:52:58 +0000Rick Holland11143 at http://blogs.forrester.comgot STIX? http://blogs.forrester.com/rick_holland/14-07-15-got_stix
<div id="cke_pastebin">The sharing of threat intelligence is a hot topic these days. When I do conference speeches, I typically ask how many organizations see value in sharing, and most in the room will raise their hand. Next, I ask how many organizations are actually sharing threat intelligence, and roughly 25% to 30% in the room raises their hand. When our 2014 Security Survey data comes in, I will have some empirical data to quote, but anecdotally, there seems to be more interest than action when it comes to sharing. I wrote about some of the challenges around sharing in "<a href="http://www.forrester.com/Four+Best+Practices+To+Maximize+The+Value+Of+Using+And+Sharing+Threat+Intelligence/quickscan/-/E-RES98261?highlightTerm=&amp;isTurnHighlighting=">Four Best Practices To Maximize The Value Of Using And Sharing Threat Intelligence.</a>" Trust is at the epicenter of sharing and just like in &quot;<a href="https://en.wikipedia.org/wiki/Meet_the_Parents">Meet the Parents</a>,&quot; you have to be in the circle of trust. You can enable sharing, but automating trust does take time. </div>
<div> </div>
<div></div>
<div> </div><a href="http://blogs.forrester.com/rick_holland/14-07-15-got_stix" title="Read the rest of &#039;got STIX? &#039;." class="node_read_more">Read more</a><div class="categories"><h3>Categories:</h3><ul class="links"><li class="taxonomy_term_329 first"><a href="/category/incident_response" rel="tag" alt="See other content with this tag." title="See other content with this tag.">Incident Response</a></li>
<li class="taxonomy_term_11466"><a href="/category/cyber_threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cyber threat intelligence</a></li>
<li class="taxonomy_term_9859"><a href="/category/incident_management" rel="tag" alt="See other content with this tag." title="See other content with this tag.">incident management</a></li>
<li class="taxonomy_term_12723"><a href="/category/intelligence_sharing" rel="tag" alt="See other content with this tag." title="See other content with this tag.">intelligence sharing</a></li>
<li class="taxonomy_term_10783 last"><a href="/category/threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">threat intelligence</a></li>
</ul></div>http://blogs.forrester.com/rick_holland/14-07-15-got_stix#commentsIncident ResponseSecurity and Riskcyber threat intelligenceincident managementintelligence sharingthreat intelligenceTue, 15 Jul 2014 17:35:22 +0000Rick Holland10825 at http://blogs.forrester.comIntroducing Forrester’s Targeted-Attack Hierarchy Of Needshttp://blogs.forrester.com/rick_holland/14-05-20-introducing_forresters_targeted_attack_hierarchy_of_needs
<p>We recently published part 1 of a new series designed to help organizations build resiliency against targeted attacks. In the spirit of <a href="http://www.simplypsychology.org/maslow.html">Maslow</a>, we designed our <a href="http://www.forrester.com/Introducing+Forresters+TargetedAttack+Hierarchy+Of+Needs+Part+1+Of+2/quickscan/-/E-RES107121">Targeted-Attack Hierarchy Of Needs</a>. One factor that significantly drove the tone and direction of this research was Forrester client inquiries and consulting. Many organizations were looking for a malware sandbox to check off their targeted attack/advanced persistent threat/advanced threat protection/insert buzzword needs. Malware analysis has a role in enterprise defense, but focusing exclusively on it is a myopic approach to addressing the problem. </p>
<p>Part 1 of the research is designed to help organizations broaden their perspective and lay the foundation for a resilient security program. Part 2 (currently writing at a non George R.R. Martin pace) will move beyond the basics and address strategies for detecting and responding to advanced adversaries. Here is a preview of the research and the six needs we identified: </p><a href="http://blogs.forrester.com/rick_holland/14-05-20-introducing_forresters_targeted_attack_hierarchy_of_needs" title="Read the rest of &#039;Introducing Forrester’s Targeted-Attack Hierarchy Of Needs&#039;." class="node_read_more">Read more</a><div class="categories"><h3>Categories:</h3><ul class="links"><li class="taxonomy_term_12147 first"><a href="/category/apt" rel="tag" alt="See other content with this tag." title="See other content with this tag.">APT</a></li>
<li class="taxonomy_term_11645"><a href="/category/advanced_persistent_threat" rel="tag" alt="See other content with this tag." title="See other content with this tag.">advanced persistent threat</a></li>
<li class="taxonomy_term_11466"><a href="/category/cyber_threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cyber threat intelligence</a></li>
<li class="taxonomy_term_12616"><a href="/category/targeted_attack" rel="tag" alt="See other content with this tag." title="See other content with this tag.">targeted attack</a></li>
<li class="taxonomy_term_10783 last"><a href="/category/threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">threat intelligence</a></li>
</ul></div>http://blogs.forrester.com/rick_holland/14-05-20-introducing_forresters_targeted_attack_hierarchy_of_needs#commentsAPTSecurity and Riskadvanced persistent threatcyber threat intelligencetargeted attackthreat intelligenceTue, 20 May 2014 18:16:26 +0000Rick Holland10637 at http://blogs.forrester.comActionable Intelligence, Meet Terry Tate, Office Linebackerhttp://blogs.forrester.com/rick_holland/14-02-11-actionable_intelligence_meet_terry_tate_office_linebacker
<div id="UMS_TOOLTIP">sdfasdfaasdfThe <a href="https://twitter.com/search?q=%23Forrester"><span class="s1">#Forrester</span></a> Security &amp; Risk team is hiring. We are looking for consultants to join our team <a href="http://t.co/2vHoetDJtG"><span class="s1">bit.ly/M9gWS5</span></a> <a href="https://twitter.com/search?q=%23infosec"><span class="s1">#infosec</span></a>asdfasdasdfasdddsadfas</div>
<p>We are now less than two weeks away from our annual sojourn to the <a href="http://www.rsaconference.com/events/us14">RSA security conference</a>. RSAC is a great time for learning, meeting and making friends. (Please hold cynical remarks; RSAC is what you make of it.) As the date grows near and my excitement grows, I am preparing my mind and patience for the ubiquitous silver bullet marketing that is predestined to appear. </p>
<p>One of these silver bullets will be the term &quot;actionable intelligence.&quot; You will be surrounded by actionable intelligence. You will bask in the glory of actionable intelligence. In fact, the Moscone expo floor will have so much actionable intelligence per capita you will leave the conference feeling like the threat landscape challenge has been solved. Achievement unlocked, check that off the list. Woot!</p>
<p>Well not so fast. I frequently talk to vendors that espouse the greatness of their actionable intelligence. Whenever I hear the term actionable intelligence I want to introduce them to <a href="https://en.wikipedia.org/wiki/Terry_Tate:_Office_Linebacker">Terry Tate, Office Linebacker. </a> Terry Tate first appeared in a 2003 Reebok Super Bowl commercial. </p><a href="http://blogs.forrester.com/rick_holland/14-02-11-actionable_intelligence_meet_terry_tate_office_linebacker" title="Read the rest of &#039;Actionable Intelligence, Meet Terry Tate, Office Linebacker&#039;." class="node_read_more">Read more</a><div class="categories"><h3>Categories:</h3><ul class="links"><li class="taxonomy_term_329 first"><a href="/category/incident_response" rel="tag" alt="See other content with this tag." title="See other content with this tag.">Incident Response</a></li>
<li class="taxonomy_term_11466"><a href="/category/cyber_threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cyber threat intelligence</a></li>
<li class="taxonomy_term_10783 last"><a href="/category/threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">threat intelligence</a></li>
</ul></div>http://blogs.forrester.com/rick_holland/14-02-11-actionable_intelligence_meet_terry_tate_office_linebacker#commentsIncident ResponseSecurity and Riskcyber threat intelligencethreat intelligenceWed, 12 Feb 2014 02:33:00 +0000Rick Holland10300 at http://blogs.forrester.comIf Everything Is Threat Intelligence, Then Nothing Is Threat Intelligence http://blogs.forrester.com/rick_holland/13-10-30-if_everything_is_threat_intelligence_then_nothing_is_threat_intelligence
<p>The hype surrounding threat intelligence has continued to build since I wrote the blog &quot;<a href="http://blogs.forrester.com/rick_holland/12-05-22-my_threat_intelligence_can_beat_up_your_threat_intelligence">My Threat Intel Can Beat Up Your Threat Intel</a>" in mid-2012. S&amp;R pros are responding to both the hope and promise of threat intelligence. According to our <span word="Forrsights" data-scaytid="1">Forrsights</span> survey data, 75% of security decision-makers report that establishing or improving threat intelligence capabilities is a top priority for their organization. </p>
<p>One of the most significant challenges in leveraging threat intelligence is operationalizing it. Today, there are two broad categories of organizations that leverage threat intelligence. I'll use an analogy to describe them. The US television show "<a href="https://en.wikipedia.org/wiki/Sons_of_Anarchy">Sons of Anarchy</a>" follows the lives of an outlaw motorcycle club. The Sons of Anarchy refer to themselves as "1%ers": They have the power, resources, and means to accomplish anything they desire. This is in contrast with the 99% who are merely motorcycle enthusiasts without these capabilities. Some of these early adopters include financial services, technology, and manufacturing companies. </p>
<p>The 99%ers, on the other hand, are challenged by a lack of staff, skill sets, and budget. Many of the 99%ers don't even have an incident response capability. The exact percentages obviously differ in reality, but we certainly have a "haves" versus "have-nots" situation, and the way these two groups operate is vastly different. It is important to not make the assumption that the 1%ers have solved the threat intelligence problem. Operationalizing intelligence is a problem for both 1%ers and 99%ers alike, but the 1%ers have more resources at their disposal to address the challenges. For threat intelligence to be effective, S&amp;R pros must be able to:</p><a href="http://blogs.forrester.com/rick_holland/13-10-30-if_everything_is_threat_intelligence_then_nothing_is_threat_intelligence" title="Read the rest of &#039;If Everything Is Threat Intelligence, Then Nothing Is Threat Intelligence &#039;." class="node_read_more">Read more</a><div class="categories"><h3>Categories:</h3><ul class="links"><li class="taxonomy_term_11466 first"><a href="/category/cyber_threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cyber threat intelligence</a></li>
<li class="taxonomy_term_10783 last"><a href="/category/threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">threat intelligence</a></li>
</ul></div>http://blogs.forrester.com/rick_holland/13-10-30-if_everything_is_threat_intelligence_then_nothing_is_threat_intelligence#commentsSecurity and Riskcyber threat intelligencethreat intelligenceWed, 30 Oct 2013 22:17:05 +0000Rick Holland9916 at http://blogs.forrester.comCounter-Strike?http://blogs.forrester.com/rick_holland/13-06-03-counter_strike
<p>On Monday the Wall Street Journal ran a story on hacking back titled, "<a href="http://online.wsj.com/article/SB10001424127887324682204578517374103394466.html">Support Grows to Let Cybertheft Victims Hack Back</a>." The article describes a growing desire to permit the private sector to retaliate against attackers. Being proactive is one thing, but the notion of enterprises retaliating against attackers is ludicrous. I honestly cannot understand why this topic is still in the public discourse. I thought debating this was so 2012. Legality is an issue, but so is the ability of companies to successfully conduct these types of operations without blowback. </p>
<p>The article explains, "&hellip; companies that experience cybertheft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information.&quot; I hate to be the bearer of bad news, but for most organizations, once the data has left your environment the chances of you retrieving it are very slim. Your data has left the building and it isn't going to "re-spawn." If you couldn't prevent exfiltration of this data in the first place, what would make you think that you could prevent the subsequent exploitation of it? </p>
<p>As I said back in January in my "<a href="http://www.forrester.com/Five+Steps+To+Build+An+Effective+Threat+Intelligence+Capability/fulltext/-/E-RES83841">Five Steps To Build An Effective Threat Intelligence Capability</a>" report, "If you have a mature security program, you can consider counterintelligence operations, but leave the hacking back to governments and militaries." </p>
<p>There are many suggested strategies for dealing with the threat landscape. Hacking back should not be one. </p><a href="http://blogs.forrester.com/rick_holland/13-06-03-counter_strike" title="Read the rest of &#039;Counter-Strike?&#039;." class="node_read_more">Read more</a><div class="categories"><h3>Categories:</h3><ul class="links"><li class="taxonomy_term_329 first"><a href="/category/incident_response" rel="tag" alt="See other content with this tag." title="See other content with this tag.">Incident Response</a></li>
<li class="taxonomy_term_11466"><a href="/category/cyber_threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cyber threat intelligence</a></li>
<li class="taxonomy_term_11769"><a href="/category/hack_back" rel="tag" alt="See other content with this tag." title="See other content with this tag.">hack back</a></li>
<li class="taxonomy_term_11768"><a href="/category/offensive_security" rel="tag" alt="See other content with this tag." title="See other content with this tag.">offensive security</a></li>
<li class="taxonomy_term_10783 last"><a href="/category/threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">threat intelligence</a></li>
</ul></div>http://blogs.forrester.com/rick_holland/13-06-03-counter_strike#commentsIncident ResponseSecurity and Riskcyber threat intelligencehack backoffensive securitythreat intelligenceTue, 04 Jun 2013 02:07:40 +0000Rick Holland9362 at http://blogs.forrester.comAvoid The Information Security Squirrelhttp://blogs.forrester.com/rick_holland/13-04-17-avoid_the_information_security_squirrel
<p><em>&quot;My master made me this collar. He is a good and smart master and he made me this collar so that I may speak. <strong>Squirrel</strong>!&quot; </em></p>
<p>In the Pixar film Up, squirrels frequently distract Dug the talking dog. In our space, we are frequently distracted by technology. <em>&quot;I am a good and smart security professional; I must protect my enterprise so that we are secure. <strong>APT defense in a box!</strong>&quot; </em></p>
<p>The expo floors at industry events such as the RSA Conference and Blackhat contribute to this. Signage touts the next great piece of technology that will solve all of our security problems. We allow Big Data, security analytics, threat intelligence, and APT defense in a box to distract us. It is easy to do; there is no shortage of challenges for today's security and risk professional. The threat landscape is overwhelming. We have problems recruiting and retaining the right staff. Day-to-day operational duties take up too much time. Our environments are complex, and we struggle to get the appropriate budget.</p>
<p>These "security technology du jour" solutions are very appetizing. They compel us much like IDS, IPS, and SIM did in the past. We want and need the "easy" button. Sadly, there is no "easy" button and we must understand that threat protection doesn&#39;t equal a product or service; there is no single solution. Technology alone isn&#39;t the answer we are looking for. </p><a href="http://blogs.forrester.com/rick_holland/13-04-17-avoid_the_information_security_squirrel" title="Read the rest of &#039;Avoid The Information Security Squirrel&#039;." class="node_read_more">Read more</a><div class="categories"><h3>Categories:</h3><ul class="links"><li class="taxonomy_term_9120 first"><a href="/category/forresters_security_maturity_model" rel="tag" alt="See other content with this tag." title="See other content with this tag.">Forrester&#039;s Security Maturity Model</a></li>
<li class="taxonomy_term_329"><a href="/category/incident_response" rel="tag" alt="See other content with this tag." title="See other content with this tag.">Incident Response</a></li>
<li class="taxonomy_term_11645"><a href="/category/advanced_persistent_threat" rel="tag" alt="See other content with this tag." title="See other content with this tag.">advanced persistent threat</a></li>
<li class="taxonomy_term_11466"><a href="/category/cyber_threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cyber threat intelligence</a></li>
<li class="taxonomy_term_11646"><a href="/category/security_analytics" rel="tag" alt="See other content with this tag." title="See other content with this tag.">security analytics</a></li>
<li class="taxonomy_term_10783 last"><a href="/category/threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">threat intelligence</a></li>
</ul></div>http://blogs.forrester.com/rick_holland/13-04-17-avoid_the_information_security_squirrel#commentsForrester's Security Maturity ModelIncident ResponseSecurity and Riskadvanced persistent threatcyber threat intelligencesecurity analyticsthreat intelligenceThu, 18 Apr 2013 01:44:19 +0000Rick Holland9145 at http://blogs.forrester.comIntroducing Forrester's Cyber Threat Intelligence Research http://blogs.forrester.com/rick_holland/13-02-14-introducing_forresters_cyber_threat_intelligence_research
<p>We have started a new report series on Cyber Threat Intelligence. The first report, &quot;<a href="http://www.forrester.com/Five+Steps+To+Build+An+Effective+Threat+Intelligence+Capability/fulltext/-/E-RES83841">Five Steps To Build An Effective Threat Intelligence Capability</a>,&quot; is designed to help organizations understand what threat intelligence is and how to establish a program. If you&#39;re not a Forrester client and would like the report, Proofpoint is providing a <a href="http://www.proofpoint.com/id/five-steps-to-build-an-effective-threat-intelligence-capability/index.php">complementary</a> copy. On Thursday March 28th, I will be conducting a <a href="http://www.forrester.com/Five+Steps+To+Build+An+Effective+Threat+Intelligence+Capability/-/E-WEB13383">Forrester webinar </a>on the report. Please join me if you&#39;d like to get a deeper perspective on it. In the future, we will expand on sections of this intial report with additional research including:</p><a href="http://blogs.forrester.com/rick_holland/13-02-14-introducing_forresters_cyber_threat_intelligence_research" title="Read the rest of &#039;Introducing Forrester&amp;#039;s Cyber Threat Intelligence Research &#039;." class="node_read_more">Read more</a><div class="categories"><h3>Categories:</h3><ul class="links"><li class="taxonomy_term_329 first"><a href="/category/incident_response" rel="tag" alt="See other content with this tag." title="See other content with this tag.">Incident Response</a></li>
<li class="taxonomy_term_11466"><a href="/category/cyber_threat_intelligence" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cyber threat intelligence</a></li>
<li class="taxonomy_term_785 last"><a href="/category/cybersecurity" rel="tag" alt="See other content with this tag." title="See other content with this tag.">cybersecurity</a></li>
</ul></div>http://blogs.forrester.com/rick_holland/13-02-14-introducing_forresters_cyber_threat_intelligence_research#commentsIncident ResponseSecurity and Riskcyber threat intelligencecybersecurityFri, 15 Feb 2013 02:44:38 +0000Rick Holland8873 at http://blogs.forrester.com